CVE-2025-14097
Unknown Unknown - Not Provided
Remote Code Execution Vulnerability in Radiometer Analyzer Software

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: Radiometer

Description
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software.                                                                                                                                                                                                Other related CVE's are CVE-2025-14095 & CVE-2025-14096.                                                                                                      Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer.                                                                                                                                                                        Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.                         Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                                                      Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14097
EUVD
EUVD-2025-203895
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radiometer application_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the application software of multiple Radiometer products. It may allow remote code execution and unauthorized device management if certain internal conditions are met. Exploitation requires a remote connection and additional information obtained through other means. The issue is due to a weakness in the analyzer's application software, and it affects devices with the remote support feature enabled.

Impact Analysis

If exploited, this vulnerability can lead to remote code execution and unauthorized management of the affected Radiometer devices. This means an attacker could potentially control the device remotely, impacting confidentiality, integrity, and availability of the device and its data.

Mitigation Strategies

Immediate steps include removing the affected Radiometer analyzer from the network if the network is not considered secure. Additionally, ensure that the network is secure and that access follows best practices. The remote support feature should be disabled or controlled to prevent exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14097. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart